LinkedIn security attack - change your passwords now

Nearly 6.5 million LinkedIn passwords have been posted on the internet in a colossal security breach to the professional social network.

According to Sophos, a file containing 6,458,020 unsalted passwords is being targeted by internet hackers, with the IT security and data protection specialists recommending LinkedIn users changed their password immediately.

“It would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step,” said Graham Cluley, senior technology consultant at Sophos.

“Of course, make sure that the password you use is unique, in other words, not used on any other websites and that it is hard to crack. If you were using the same passwords on other websites make sure to change them too. And never again use the same password on multiple websites.”

At the time of writing, LinkedIn has failed to comment on the possible security breach, only referencing it in it's Twitter feed:

“Our team is currently looking into reports of stolen passwords. Stay tuned for more.”

Launched in May 2003, LinkedIn has more than 150 million users across the globe.

UPDATE 6 JUNE 2012: LinkedIn has provided the following statement on the rumour, confirming the password breach:

"We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:

1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.

2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email.

3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously. If you haven’t read it already it is worth checking out my earlier blog post today about updating your password and other account security best practices."